Adding default Simple Access group permissions to content types
gravyface - September 12, 2005 - 14:34
| Project: | Simple Access |
| Version: | 6.x-2.x-dev |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed |
Description
AFAIK, you cannot set the default group permissions for native Drupal or Flexinode content types.
Under Admin > Node > Configure > Types > *Type*, there should be the same simple access dialog box thats present on the Node > Edit screens; this would allow the admin to define default Simple Access permissions for each content type.
#1
Yes, that would be very useful.
Alternatively it would be great to add ability that admin can put the whole "Only viewable by"-box in Edit on or off for every content type (so e.g. a flexinode can be created that doesn't need Simple Access)
#2
I've been looking at this in the code and I'm not so sure this will be that trivial. To me, content permissions should be this granular and should be part of the core; this is a serious limitation of Drupal for a lot of corporate usage.
#3
I've started doing some work on this, and have gotten this far:
I can control view access to any content type with these changes to the module, and could probably (with a little work) control update/delete access as well.
This may be a bug or a feature, but I believe that if access to an entire content type is limited, it will override any simple access set up for a particular node within that content type. I'm not sure if it's too confusing to allow a setting for this for the administrator...
There are (at least) two flaws with the below changes.
Here are the changes I'm using:
1. Replace (at original line 97)
function simple_access_nodeapi(&$node, $op, $arg = 0) {switch ($op) {
case 'form admin':
with the following
function simple_access_nodeapi(&$node, $op, $arg = 0) {switch ($op) {
case 'settings':
case 'form admin':
2. Replace (at original line 165)
$output .= form_group(t('Additionally deletable by'), $form, '<span style="font-size:xx-small">'.t('All unchecked = normal behavior<br />(author and admins can delete).').'</span>');}
}
else {
with the following
$output .= form_group(t('Additionally deletable by'), $form, '<span style="font-size:xx-small">'.t('All unchecked = normal behavior<br />(author and admins can delete).').'</span>');}
if ($variable = variable_get('simple_access_nodeapi_'. $node->type, FALSE)) {
while (list($key, $val) = each($variable)) {
$checked_value = '['.$key.'][]" value="'.$val[0].'"';
$output = str_replace($checked_value, $checked_value.' checked ', $output);
}
if ($op == 'settings') {
$output = str_replace('</div><div class="extra">', '<div class="extra">', $output);
$output = str_replace('simple_access]','simple_access_nodeapi_'. $node->type .']', $output);
$output .= '<div class="extra"><span style="font-size:xx-small">Please note: if any of the above boxes are checked, it will override the simple access controls on the individual content items of this type.</span></div>';
}
$output = str_replace($checked_value, $checked_value.' checked ', $output);
if ($op == 'form admin') {
$output = str_replace(' checked ', ' checked disabled ', $output);
$output .= '<div class="extra"><span style="font-size:xx-small">Disabled boxes are being overridden by access to the content type. Change by configuring the content type.</span></div>';
}
}
}
else {
3. Replace (at original line 172)
return $output;case 'delete':
with the following:
return $output;break;
case 'view':
global $user;
// When a node is viewed, make sure the user has access to the content type
if ($variable = variable_get('simple_access_nodeapi_'. $node->type, FALSE)) {
$gid = $variable['view'][0];
if ($gid != 0) {
$roles = simple_access_get_roles($gid);
$access_denied = true;
while (list($key, $val) = each($user->roles)) {
if (in_array($key, $roles)) {
$access_denied = false;
}
}
if ($access_denied) {
drupal_access_denied();
}
}
}
break;
case 'delete':
4. Replace (at original line 424)
// delete all simple_access stuffdb_query('DELETE FROM {node_access} WHERE realm = "simple_access"');
// re-enable universal view grant
with the following
// delete all simple_access stuffdb_query('DELETE FROM {node_access} WHERE realm = "simple_access"');
db_query('DELETE FROM {variable} WHERE name LIKE "simple_access%"');
// re-enable universal view grant
Next steps are to add code to deal with update and delete pages, and to integrate the code better so that it isn't just a str_replace. Any help would be appreciated.
#4
After re-reading the above comments, it looks like what I created is not in response to these - rather than setting a default simple access, my changes allow the administrator to set a permanent simple access for an entire content type.
#5
While I think my changes can be useful, and may lead to what this requestor wanted, I am unassigning myself since my changes were not resolving the requestors issues.
#6
I have determined that flaw #2 in post #3 above is due to my changes to simple access. Working to debug.
#7
I think I have achieved what you are after here.
Currently it only allows you to set the default 'view' permissions for a node type (including flexinodes).
Users with node admin rights can then over-ride the defaults when they create the node instance.
Users with no admin rights will automatically inherit the default view permissions for the node type.
I will post a patch here shortly (if all goes to plan!).
#8
As promised here is my first effort of allowing default view permissions to be set ona per node type basis.
NOTE: This only implements the view permissions.
I only installed Simple_Access.module this afternoon so don't know of all its features, so maybe I broke something else or overlooked something.
The patch is against the 4.6 version of the module as this was required for me client.
#9
I fixed another bug (settings lost after clicking on preview) http://drupal.org/project/comments/add/32376
I also incorporated your patch into that patch but with full defaults (also update and delete), with respect to what the settings specify under /admin/access/simple_access
#10
I'd like to see this implemented as well, so I can set the default access to "staff", "Administrator", but not "customer" for sensitive documents.
Has anyone done a patch for the latest 4.7 compatible simple_access that works yet?
#11
I'd be interested in this being ported to 4.7 as well.
#12
Alas, I really need this feature. I'll have to find some ugly way to hack it in.
All of my nodes, including all forums and web pages, must default to "members only". Only the administrators get to decide what things are available to the public.
#13
#14
Thanks for the module so far (it very nearly does what I need doing) but is there any chance of this patch getting incorporated into the module itself (4.6 version)?
I think this is the key bit of functionality missing - otherwise you are always relying on the user to select to make the correct content private. This makes me nervous as it's prone to mistakes being made.
If you could make some content types default to private, it's a much clearer situation if a user then decides to untick the box to make it public (rather than them accidenatlly forgetting to tick to make it private).
I'm thinking of a situation where you might want to make all forum posts private to certain roles, for example. This module would be perfect and without the unnecessary fetaures and setting up required by bigger modules.
I'm using a hosted service who, quite reasonably, will install install the module but do not want to get involved in applying patches to it.
Here's hoping....
#15
This has now been implemented.
#16
Automatically closed -- issue fixed for 2 weeks with no activity.